See20/20 is already GDPR compliant

We have further enhanced it to assist with the new regulation

Over the last six months, Ocuco have spent a great deal of time consulting with customers and Data Protection experts to understand their interpretation of the new regulation, and have created a version of See20/20 that assists with the compliance process.

The new features include:

  • Traffic light display of consent, making it easy to see status at a glance, indicating consent as: Completed, To Be Completed or Rejected.
  • The Data Processing Agreement can be downloaded for the patient to review and sign.
  • Record the details of those who might be giving consent on behalf of the patient.
  • Record the date of consent.
  • Automatically expires the agreed status of a child once they have passed the age of adulthood, based on the patient’s date of birth.

Communication Preferences:

This area allows the capture of consent based on the reason for communicating: Recall or Marketing.

Communication Channel Preferences:

The patient can opt-in or out of each method of communication – Letter, Email or SMS.

The preferred channel of communication for Recall and other activities can also be recorded here.

Configuration of the Data Processing Screen:

See20/20 now provides the admin user with the ability to set up the templates and texts required to comply. Having these built into the software is not a requirement, but Ocuco have invested in this development as part of our commitment to continuous improvement and adding value.

Configuration covers the following topics, all of which are part of making compliance easier for the practice owner:

  • Minimum medical retention period (years)
  • Age of Adulthood
  • Data Processing Policy templates
  • Data Processing Disclaimer Text (example provided)
  • Remove Patient Disclaimer Text (example provided)

Eight enhanced patient rights

The page ‘The Basics’ outlines the eight ‘data subject’ rights. The section below demonstrates how See20/20 complies with each of them.

The right to be forgotten

Deletion or removal from processing can be carried out within See20/20 with a second level of authorisation required.

The right to be informed

Should a patient request information on what data is stored and how it is used, the See20/20 user can print a Data Processing Agreement or show it to the patient on screen.

The right to access data

Should patients request access to the data stored on them, this can easily be provided in XML format.

The right to data accuracy

All data can be edited and mistakes or incomplete information rectified as needed. See20/20 also has an audit trail.

The right to restrict processing

Patients can easily be removed from recall or marketing so that they will not appear in any communication lists. For those who remain, it is also possible to choose which media channel they prefer: email, letter or SMS.

The right to data portability

Should patients request access to their data stored, this can easily be provided in XML format.

The right to object

The patient’s right to object can be upheld by removing them from all processing. Practice owners should review their legal basis for processing (for example, an ongoing legal case) and understand the circumstances under which they remove the patient from processing.

The right to object to automated processing

Patients will not appear in the marketing module if they have opted out. If you were making decisions based on profiling your patients, then the patient has the right to be excluded from this using the marketing flag.

Other areas of compliance

Compliance is also met in the following three areas:

Management of Consent

When an eye exam is complete, the data being stored is relevant and necessary to the performance of the contract with the patient. Consent for non-contractual operations such as marketing can be recorded directly into the practice management system or documented and uploaded.

Secure by Design

See20/20 has inbuilt security rules covering both patient records and application access: password authentication with user- and role-based access to functions and screens. Files (referral letters, images, uploads) are held securely within the database.

Back Up & Restore

See20/20 is a hosted system, so a separate backup is not required by the practice. The data centre where See20/20 is housed backs up the server and can restore an individual practice database.

Should you have any questions, please contact us.